The FBI is warning of a sharp rise in so-called “business email compromise,” where finance staff are typically tricked into wiring huge amounts of money out of their company.
The Feds said this type of scam, also known as ‘whaling,’ has landed cyber-criminals over $2 billion in just over two years, with $800m coming in the past six months alone.
Although there was no updated information on the FBI site at the time of writing, the Financial Times reported the FBI as saying the average loss was $120,000.
Lost funds have apparently been traced to 108 countries, with many of the scammers’ bank accounts located in Asia and Africa where the reach of US agents is limited.
“Criminals don’t have borders and this is a global problem,” James Barnacle, chief of the FBI’s money laundering unit, is quoted as saying.
“We’re working with our criminal investigation resources, our cyber resources, our international operations divisions — which is all our legal attachés overseas — and we’re working with foreign partners around the world to try to tackle this crime problem.”
This type of scam usually involves a spoofed email sent to the finance department claiming to come from the CEO or CFO and requesting a large transfer of funds to an external account. It relies simply on social engineering and domain spoofing/squatting, but has become increasingly popular of late.
In February 2015, fraudsters made off with $17m after persuading a senior executive at commodities trader Scoular to wire funds to a Chinese bank.
Email security firm Mimecast claimed late last year that over half of IT professionals had seen an increase in whaling attacks over the previous three months.
The firm’s cybersecurity strategist, Orlando Scott-Cowley, claimed whaling is evolving rapidly around the world.
“These social-engineering-led threats are designed to pierce traditional email security technology and often include no malware for signature or sandbox detection,” he told Infosecurity.
“Employee education and air-gapped procedures can help but IT managers should also consider clearly marking emails that have arrived from outside the company.”